Release Notes - Crunchy PostgreSQL 9.6.3-0
Crunchy Data is pleased to announce the release of updated packages for Crunchy PostgreSQL 9.6.3, a trusted open source distribution of PostgreSQL 9.6. In addition, a few Crunchy tools have been updated.
The update of Crunchy PostgreSQL 9.6.3-0 includes:
The update of Crunchy Tools includes:
- PostgreSQL 9.6.3-0
- PGJDBC 42.0.0-0
- PGJDBC 42.1.0-0
- PGJDBC 42.1.1-0
- PgAudit set User 1.2.0-0
- PgAudit set User 1.3.0-0
- PL/R 220.127.116.11 (NEW)
Individual package details can be found below.
- Crunchy Backrest 1.13-0
- Crunchy Backrest 1.14-0
- Crunchy Backrest 1.15-0
- Crunchy Backrest 1.16-0
- Crunchy Backrest 1.17-0
- Crunchy Backrest 1.18-0
- PgPool 3.6.2-0
- PgPool 3.6.3-0
- PGAdmin4 1.4.0-0
Crunchy PostgreSQL 9.6.3-0 includes:
- CVE-2017-7486 - Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options
The previous coding allowed the owner of a foreign server object, or anyone he has granted server USAGE permission to, to see the options for all user mappings associated with that server. This might well include passwords for other users. Adjust the view definition to match the behavior of information_schema.user_mapping_options, namely that these options are visible to the user being mapped, or if the mapping is for PUBLIC and the current user is the server owner, or if the current user is a superuser.
By itself, this patch will only fix the behavior in newly initdb'd databases. If you wish to apply this change in an existing database, you will need to do the following:
- Restart the postmaster after adding allow_system_table_mods = true to postgresql.conf. (In versions supporting ALTER SYSTEM, you can use that to make the configuration change, but you'll still need a restart.)
- In each database of the cluster, run the following commands as superuser:
SET search_path = pg_catalog;
CREATE OR REPLACE VIEW pg_user_mappings AS
U.oid AS umid,
S.oid AS srvid,
S.srvname AS srvname,
U.umuser AS umuser,
CASE WHEN U.umuser = 0 THEN
END AS usename,
CASE WHEN (U.umuser <> 0 AND A.rolname = current_user)
OR (U.umuser = 0 AND pg_has_role(S.srvowner, 'USAGE'))
OR (SELECT rolsuper FROM pg_authid WHERE rolname = current_user)
ELSE NULL END AS umoptions
FROM pg_user_mapping U
LEFT JOIN pg_authid A ON (A.oid = U.umuser) JOIN
pg_foreign_server S ON (U.umserver = S.oid);
- Do not forget to include the template0 and template1 databases, or the vulnerability will still exist in databases you create later. To fix template0, you'll need to temporarily make it accept connections. In PostgreSQL 9.5 and later, you can use
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;
and then after fixing template0, undo that with
ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;
In prior versions, instead use
UPDATE pg_database SET datallowconn = true WHERE datname = 'template0';
UPDATE pg_database SET datallowconn = false WHERE datname = 'template0';
- Finally, remove the allow_system_table_mods configuration setting, and again restart the postmaster.
- CVE-2017-7484 - Prevent exposure of statistical information via leaky operators.
Some selectivity estimation functions in the planner will apply user-defined operators to values obtained from pg_statistic, such as most common values and histogram entries. This occurs before table permissions are checked, so a nefarious user could exploit the behavior to obtain these values for table columns he does not have permission to read. To fix, fall back to a default estimate if the operator's implementation function is not certified leak-proof and the calling user does not have permission to read the table column whose statistics are needed. At least one of these criteria is satisfied in most cases in practice.
- CVE-2017-7485 - Restore libpq's recognition of the PGREQUIRESSL environment variable
Processing of this environment variable was unintentionally dropped in PostgreSQL 9.3, but its documentation remained. This creates a security hazard, since users might be relying on the environment variable to force SSL-encrypted connections, but that would no longer be guaranteed. Restore handling of the variable, but give it lower priority than PGSSLMODE, to avoid breaking configurations that work correctly with post-9.3 code.
- Fix possibly-invalid initial snapshot during logical decoding
- Fix possible corruption of "init forks" of unlogged indexes
- Fix incorrect reconstruction of pg_subtrans entries when a standby server replays a prepared but uncommitted two-phase transaction
- Avoid possible crash in walsender due to failure to initialize a string buffer
- Fix possible crash when rescanning a nearest-neighbor index-only scan on a GiST index
- Prevent delays in postmaster's launching of multiple parallel worker processes
- Fix postmaster's handling of fork() failure for a background worker process
- Fix possible "no relation entry for relid 0" error when planning nested set operations
- Fix assorted minor issues in planning of parallel queries
- Avoid applying "physical targetlist" optimization to custom scans
- Use the correct sub-expression when applying a FOR ALL row-level-security policy
- Ensure parsing of queries in extension scripts sees the results of immediately-preceding DDL
- Skip tablespace privilege checks when ALTER TABLE ... ALTER COLUMN TYPE rebuilds an existing index
- Fix ALTER TABLE ... VALIDATE CONSTRAINT to not recurse to child tables when the constraint is marked NO INHERIT
- Avoid dangling pointer in COPY ... TO when row-level security is active for the source table
- Avoid accessing an already-closed relcache entry in CLUSTER and VACUUM FULL
- Fix VACUUM to account properly for pages that could not be scanned due to conflicting page pins
- Ensure that bulk-tuple-transfer loops within a hash join are interruptible by query cancel requests
- Fix incorrect support for certain box operators in SP-GiST
- Fix integer-overflow problems in interval comparison
- Fix cursor_to_xml() to produce valid output with tableforest = false
- Fix roundoff problems in float8_timestamptz() and make_interval()
- Fix pg_get_object_address() to handle members of operator families correctly
- Fix cancelling of pg_stop_backup() when attempting to stop a non-exclusive backup
- Improve performance of pg_timezone_names view
- Reduce memory management overhead for contexts containing many large blocks
- Fix sloppy handling of corner-case errors from lseek() and close()
- Fix incorrect check for whether postmaster is running as a Windows service
- Fix ecpg to support COMMIT PREPARED and ROLLBACK PREPARED
- Fix a double-free error when processing dollar-quoted string literals in ecpg
- Fix pgbench to handle the combination of --connect and --rate options correctly
- Fix pgbench to honor the long-form option spelling --builtin, as per its documentation
- Fix pg_dump/pg_restore to correctly handle privileges for the public schema when using --clean option
- In pg_dump, fix incorrect schema and owner marking for comments and security labels of some types of database objects
- Fix typo in pg_dump's query for initial privileges of a procedural language
- Avoid emitting an invalid list file in pg_restore -l when SQL object names contain newlines
- Fix pg_upgrade to transfer comments and security labels attached to "large objects" (blobs)
- Improve error handling in contrib/adminpack's pg_file_write() function
- In contrib/dblink, avoid leaking the previous unnamed connection when establishing a new unnamed connection
- Fix contrib/pg_trgm's extraction of trigrams from regular expressions
- In contrib/postgres_fdw, allow join conditions that contain shippable extension-provided functions to be pushed to the remote server
- Support Tcl 8.6 in MSVC builds
- Sync our copy of the timezone library with IANA release tzcode2017b
- Use correct daylight-savings rules for POSIX-style time zone names in MSVC builds
- Full release notes can be found here
Notable Fixes and Refactoring:
- fix: add isLoggable around parameterized logger
- fix: correct edge cases for setCharacterStream(int, Reader)
- fix: revert ExpressionProperties to Properties in BaseDataSource
- fix: accept server version with more than 3 parts
- fix: strict handling of getBoolean and setObject with postgres accepted values
- refactor: deprecated PGPoolingDataSource
- refactor: remove checks for jdk version 1.4 (tests)
- fix: ensure executeBatch() does not use server-side prepared statements when prepareThreshold=0
- refactor: fix getDriverVersion, getDriverName and getJDBCMajor/MinorVersion methods
- fix: huntbugs on PgDatabaseMetaData, String concatenation in a loop
- refactor: remove charset property not used
- style: reorder checkstyle in travis
- refactor: add CallableQueryKey#equals override
- fix: robust castToBoolean for setObject in PreparedStatement
- fix: add query to support postgresql 8.2 without t.typarray
- refactor: remove support for postgresql < 8.2
- bug: fix not enscaped special symbol that fail build
- refactor: make HostChooser implement Iterable
- refactor: remove deprecated Utils' methods
- refactor: migrate to Junit4
- Use java.util.logging
- Support microsecond resolution for JSR-310 types
- Add replication protocol API
- Connect the socket only if the socket factory created an unconnected socket
- Add support for PreparedStatement.setCharacterStream(int, Reader)
- Do not use pg_depend against PostgreSQL 9.0+
- Display error position when SQL has unterminated literals, comments, etc
- Only resolve hostname if not using a SOCKS proxy
- Infinity handling for java.time types
- Refactor: add encoding, fix expected/actual, use proper constructor
- Fix last block of stream being ignored if size < 8k
- Function calls without parameters do not require parentheses
- Not valid calculate lastReceiveLSN for logical replication
- Fix false alarm on check coredump
- Use SQLWarning(String reason) constructor for correct DriverMana
- Honor setLogStream if the logStream is set
- Test: check that new properties follow correct lower camel case
- Make sure org.postgresql.Driver is loaded when accessing though DataSource interface
- support fetching a REF_CURSOR using getObject
- improve waiting for notifications by providing a timeout option
- Infinite dates might be corrupted when transferred in binary for certain JREs
PgAudit set User 1.2.0-0
- In previous commit, two new versions of the existing functions were created, but had incorrect permissions. Fix that.
- Add new variants of set_user and reset_user which allow a token to be set initially and if so required to be present and match at reset time.
PgAudit set User 1.3.0-0
- Add pg10 compatibility for ProcessUtilityHook
PL/R is a loadable procedural language that enables you to write PostgreSQL functions and triggers in the R programming language. PL/R offers most (if not all) of the capabilities a function writer has in the R language.
Notable Fixes and Features:
- This is primarily to provide windows dll files. The dlls were created on windows 10 using vc2015 and R-3.3.1
The update of Crunchy Tools includes:
Crunchy Backrest 1.13-0
IMPORTANT NOTE: The new implementation of asynchronous archiving no longer copies WAL to a separate queue. If there is any WAL left over in the old queue after upgrading to 1.13, it will be abandoned and not pushed to the repository.
To prevent this outcome, stop archiving by setting archive_command = false. Next, drain the async queue by running pgbackrest --stanza=[stanza-name] archive-push and wait for the process to complete. Check that the queue in [spool-path]/archive/[stanza-name]/out is empty. Finally, install 1.13 and restore the original archive_command.
IMPORTANT NOTE: The stanza-create command is not longer optional and must be executed before backup or archiving can be performed on a new stanza. Pre-existing stanzas do not require stanza-create to be executed.
- Fixed const assignment giving compiler warning in C library.
- Fixed a few directory syncs that were missed for the --repo-sync option.
- Fixed an issue where a missing user/group on restore could cause an "uninitialized value" error in File->owner().
- Fixed an issue where protocol mismatch errors did not output the expected value.
- Fixed a spurious archive-get log message that indicated an exit code of 1 was an abnormal termination.
- Improved, multi-process implementation of asynchronous archiving.
- Improved stanza-create command so that it can repair broken repositories in most cases and is robust enough to be made mandatory.
- Improved check command to run on a standby, though only basic checks are done because pg_switch_xlog() cannot be executed on a replica.
- Added archive and backup WAL ranges to the info command.
- Added warning to update pg_tablespace.spclocation when remapping tablespaces in PostgreSQL < 9.2.
- Remove remote lock requirements for the archive-get, restore, info, and check commands since they are read-only operations.
- Refactor File and BackupCommon modules to improve test coverage.
- Return proper error code when unable to convert a relative path to an absolute path.
- Log file banner is not output until the first log entry is written.
- Moved File->manifest() into the FileCommon.pm module.
- Moved the Archive modules to the Archive directory and split the archive-get and archive-push commands into separate modules.
- Split the check command out of the Archive.pm module.
- Allow logging to be suppressed via logDisable() and logEnable().
- Allow for locks to be taken more than once in the same process without error.
- Lock directories can be created when more than one directory level is required.
- Clean up optionValid()/optionTest() logic in Lock.pm.
- Added Exception::exceptionCode() and Exception::exceptionMessage() to simplify error handling logic.
- Represent .gz extension with a constant.
- Allow empty files to be created with FileCommon::fileStringWrite() and use temp files to avoid partial reads.
- Refactor process IO and process master/minion code out from the common protocol code.
- Reduced the likelihood of torn pages causing a false positive in page checksums by filtering on start backup LSN.
- Remove Intel-specific optimization from C library build flags.
- Removed --lock option. This option was introduced before the lock directory could be located outside the repository and is now obsolete.
- Added --log-timestamp option to allow timestamps to be suppressed in logging. This is primarily used to avoid filters in the automated documentation.
- Fixed alignment issues with multiline logging.
Crunchy Backrest 1.14-0
- Fixed an issue where an archive-push error would not be retried and would instead return errors to PostgreSQL indefinitely (unless the .error file was manually deleted).
- Fixed a race condition in parallel archiving where creation of new paths generated an error when multiple processes attempted to do so at the same time.
- Improved performance of wal archive min/max provided by the info command.
Crunchy Backrest 1.15-0
- Fixed a regression introduced in v1.13 that could cause backups to fail if files were removed (e.g. tables dropped) while the manifest was being built.
- Refactor FileCommon::fileManifest() and FileCommon::fileStat to be more modular to allow complete branch/statement level coverage testing.
Crunchy Backrest 1.16-0
- Fixed an issue where tables over 1GB would report page checksum warnings after the first segment.
- Fixed an issue where databases created with a non-default tablespace would raise bogus warnings about pg_filenode.map and pg_internal.init not being page aligned.
- Improved the code and tests for fileManifest() to prevent a possible race condition when files are removed by the database while the manifest is being built.
Crunchy Backrest 1.17-0
- Fixed an issue where newly initialized (but unused) pages would cause page checksum warnings.
Crunchy Backrest 1.18-0
- Fixed an issue where read-only operations that used local worker processes (i.e. restore) were creating write locks that could interfere with parallel archive-push.
- Added the stanza-upgrade command to provide a mechanism for upgrading a stanza after upgrading to a new major version of PostgreSQL.
- Added validation of pgbackrest.conf to display warnings if options are not valid or are not in the correct section.
- Simplify locking scheme. Now, only the master process will hold write locks (for archive-push and backup commands) and not all local and remote worker processes as before.
- Refactor Ini.pm to facilitate testing.
- Do not set timestamps of files in the backup directories to match timestamps in the cluster directory. This was originally done to enable backup resume, but that process is now implemented with checksums.
- Improved error message when the restore command detects the presence of postmaster.pid.
- Renumber return codes between 25 and 125 to avoid PostgreSQL interpreting some as fatal signal exceptions.
- The backup and restore commands no longer copy via temp files. In both cases the files are checksummed on resume so there's no danger of partial copies.
- Allow functions to accept optional parameters as a hash.
- Refactor File->list() and fileList() to accept optional parameters.
- Refactor backupLabel() and add unit tests.
- Silence some perl critic warnings.
- Add "Wants=network.target" in pgpool.service file.
- Fix pcp_promote_node bug that fails promoting node 0
- Pgpool-II should not perform ping test after bringing down the VIP
- Fix to release shared memory segments when Pgpool-II exits.
- Fix for [pgpool-general: 5315] pg_terminate_backend
- Adding the missing ExecStop and ExecReload commands to the systemd service configuration file.
- Fix for 281: "segmentation fault" when execute pcp_attach_node
- Fix load balancing bug in streaming replication mode.
- Fix yet another kind mismatch error in streaming replication mode.
- Fix do_query() hangs after close message.
- Fixing 0000280: stack smashing detected
- Fixing the issue with the watchdog process restart.
- Fix query cache bug reported in pgpool-general-jp:1441.
- Remove elog/ereport calls from signal handlers.
- Fix typo in Japanese release notes.
- Fix bug failed to create INET domain socket in FreeBSD if listen_addresses = '*'.
- Fix for 0000249: watchdog sometimes fails de-escalation.
- Fix connection_life_time broken by authentication_timeout
- Fix authentication timeout that can occur right after client connecttions
- Fix include file path error.
- Fix "show pool_cache" segfault when memcached is used.
- Fix for some more code warnings.
- Fixing some annoying compiler warnings.
- Removing the function defined but not used warnings from pool_config_vatiable.c
- Removing the references of obsolete debug_level configuration parameter.
- Fixing a mistake in the watchdog code.
- Fix for 0000299: Errors on the reloading of configuration
- Add pgpool_adm Japanese docs.
- Add installation procedure of pgpool_adm.
- Add missing pgpool_adm manuals.
- Fix indentation.
- Fix for 0000289: Inconsistent backend state
- Enhancing the handling of split-brain scenario by the watchdog.
- Enhancing the watchdog internal command mechanism to handle multiple concurrent commands.
- Fix compiler warnings.
- Comment out unsupported Java method in new JDBC drivers to prevent regression failure.
- Downgrade parse before bind log message to debug1.
- Fix coverity warning CID#1373258 "Uninitialized scalar variable"
- Fix coverity reported issues of buffer overrun.
- Fix coverity warnings.
- Fix for [pgpool-general: 5396] pam ldap failure
- Mention that SQL type commands cannot be used in extended query mode.
- Consider SHOW command as kind of a read query.
- Fix memory leak problem caused by commit adcb636.
- Mega patch to fix "kind mismatch" (or derived) errors in streaming replication mode.
- Fix for 0000296: PGPool v3.6.2 terminated by systemd because the service Type has been set to 'forking'
- Bug #2077: can't access database after renaming
- Bug #2105: Save Button issue without table name
- Bug #2145: Restore schema issue
- Bug #2187: Table creation syntax error
- Bug #2190: Move language selection to Preferences
- Bug #2226: Tooltips are not shown for disabled buttons.
- Bug #2241: Error message does not clear when numeric controls changes state from invalid to valid in nested schema.
- Bug #2243: Database is not being removed if name contain Arabic character through right click
- Bug #2244: Internal server error displayed if View Data used on a table with no columns
- Bug #2246: pgAdmin v1.3 drop function braces missing
- Bug #2258: Add handling of DATERANGE type
- Bug #2264: *ExtDeprecationWarning* also displayed on new pgAdmin4 setup for Python 3.4 on ubuntu 14.04 Linux 64
- Bug #2265: [View Data] Filter Menu options don't work (By selection, Exclude selection)
- Bug #2274: Row Deletion Against Tables With PKs Not at Ordinal 0 Position Fail
- Bug #2277: Internal server error displayed if table name contains long character
- Bug #2281: In-consistent behavior of Disconnect server through Object Menu
- Bug #2283: Select2Cell: Check if cell is in multiselect mode before setting default selection of multiple values.
- Bug #2287: If you enter a query with EXPLAIN statement will lead to an error
- Bug #2291: Error highlighting broken
- Bug #2299: Runtime uses freeed memory due to uncorrect use of QString::toUtf8()
- Bug #2303: Ascending/descending sort is broken in backgrid.
- Bug #2304: restore from backup does not work for a table
- Bug #2305: Sequence description does not like UTF
- Bug #2310: "Dialog Help" was broken in case where query tool/Debugger opens in new browser tab
- Bug #2319: Click on pgAdmin4 logo leads to unauthorized error
- Bug #2321: Issue in browser tree while adding new nodes if parent collection node is not loaded
- Bug #2330: HTML returned from a query is rendered by the query tool
- Feature #1344: Can't use multiple monitors (Windows 10)
- Feature #2232: Add the ability to gray-out/disable the "Save Password" option when creating a connection to a server
- Feature #2261: Display table DDL for Greenplum in SQL tab
- Feature #2320: German translation
If you have any questions regarding this release, or should you need assistance or advice in upgrading, contact Crunchy Support by email at email@example.com or by phone at (843) 737-6254.